Bush Administration Now Spying On Banking, Without A Warrant

June 23, 2006

From The New York Times:

Under a secret Bush administration program initiated weeks after the Sept. 11 attacks, counterterrorism officials have gained access to financial records from a vast international database and examined banking transactions involving thousands of Americans and others in the United States, according to government and industry officials.

The program is limited, government officials say, to tracing transactions of people suspected of ties to Al Qaeda by reviewing records from the nerve center of the global banking industry, a Belgian cooperative that routes about $6 trillion daily between banks, brokerages, stock exchanges and other institutions. The records mostly involve wire transfers and other methods of moving money overseas or into and out of the United States. Most routine financial transactions confined to this country are not in the database.

Viewed by the Bush administration as a vital tool, the program has played a hidden role in domestic and foreign terrorism investigations since 2001 and helped in the capture of the most wanted Qaeda figure in Southeast Asia, the officials said. The program, run out of the Central Intelligence Agency and overseen by the Treasury Department, “has provided us with a unique and powerful window into the operations of terrorist networks and is, without doubt, a legal and proper use of our authorities,” Stuart Levey, an undersecretary at the Treasury Department, said in an interview Thursday. The program is grounded in part on the president’s emergency economic powers, Mr. Levey said, and multiple safeguards have been imposed to protect against any unwarranted searches of Americans’ records.

The program, however, is a significant departure from typical practice in how the government acquires Americans’ financial records. Treasury officials did not seek individual court-approved warrants or subpoenas to examine specific transactions, instead relying on broad administrative subpoenas for millions of records from the cooperative, known as Swift.

That access to large amounts of sensitive data was highly unusual, several officials said, and stirred concerns inside the administration about legal and privacy issues.

“The capability here is awesome or, depending on where you’re sitting, troubling,” said one former senior counterterrorism official who considers the program valuable. While tight controls are in place, the official added, “The potential for abuse is enormous.”

The program is separate from the National Security Agency’s efforts to eavesdrop without warrants and collect domestic phone records, operations that have provoked fierce public debate and spurred lawsuits against the government and telecommunications companies. But all the programs grew out of the Bush administration’s desire to exploit technological tools to prevent another terrorist strike, and all reflect attempts to break down longstanding legal or institutional barriers to the government’s access to private information about Americans and others inside the United States.

Officials described the Swift program as the biggest and most far-reaching of several secret efforts to trace terrorist financing. Much more limited agreements with other companies have provided access to A.T.M. transactions, credit card purchases and Western Union wire payments, the officials said.

Nearly 20 current and former government officials and industry executives discussed aspects of the Swift operation with The New York Times on condition of anonymity because the program remains classified. Some of those officials expressed reservations about the program, saying that what they viewed as an urgent, temporary measure had become permanent nearly five years later without specific Congressional approval or formal authorization.

Data from the Brussels-based banking consortium, formally known as the Society for Worldwide Interbank Financial Telecommunication, has allowed officials from the C.I.A., the Federal Bureau of Investigation and other agencies to examine “tens of thousands” of financial transactions, Mr. Levey said.

While many of those transactions have occurred entirely on foreign soil, officials have also been keenly interested in international transfers of money by individuals, businesses, charities and other organizations under suspicion inside the United States, officials said. A small fraction of Swift’s records involve transactions entirely within this country, but Treasury officials said they were uncertain whether any had been examined.

Swift executives have been uneasy at times about their secret role, the government and industry officials said. By 2003, the executives told American officials they were considering pulling out of the arrangement, which began as an emergency response to the Sept. 11 attacks, the officials said. Worried about potential legal liability, the Swift executives agreed to continue providing the data only after top officials, including Alan Greenspan, then chairman of the Federal Reserve, intervened. At the same time, new controls were introduced.

Among the program’s safeguards, government officials said, is an outside auditing firm that verifies that the data searches are based on a link to terrorism intelligence. Swift and Treasury officials said they were aware of no abuses. But Mr. Levey, the Treasury official, said one person had been removed from the operation for conducting a search considered inappropriate.

“We are not on a fishing expedition,” Mr. Levey said. “We’re not just turning on a vacuum cleaner and sucking in all the information that we can.”

Treasury officials said Swift was exempt from American laws restricting government access to private financial records because the cooperative was considered a messaging service, not a bank or financial institution.

But at the outset of the operation, Treasury and Justice Department lawyers debated whether the program had to comply with such laws before concluding that it did not, people with knowledge of the debate said. Several outside banking experts, however, say that financial privacy laws are murky and sometimes contradictory and that the program raises difficult legal and public policy questions.

The Bush administration has made no secret of its campaign to disrupt terrorist financing, and President Bush, Treasury officials and others have spoken publicly about those efforts. Administration officials, however, asked The New York Times not to publish this article, saying that disclosure of the Swift program could jeopardize its effectiveness. They also enlisted several current and former officials, both Democrat and Republican, to vouch for its value.

Bill Keller, the newspaper’s executive editor, said: “We have listened closely to the administration’s arguments for withholding this information, and given them the most serious and respectful consideration. We remain convinced that the administration’s extraordinary access to this vast repository of international financial data, however carefully targeted use of it may be, is a matter of public interest.”

Swift declined to discuss details of the program but defended its role in written responses to questions. “Swift has fully complied with all applicable laws,” the consortium said. The organization said it insisted that the data be used only for terrorism investigations and had narrowed the scope of the information provided to American officials over time.

A Crucial Gatekeeper

Swift’s database provides a rich hunting ground for government investigators. Swift is a crucial gatekeeper, providing electronic instructions on how to transfer money between 7,800 financial institutions worldwide. The cooperative is owned by more than 2,200 organizations, and virtually every major commercial bank, as well as brokerage houses, fund managers and stock exchanges, uses its services. Swift routes more than 11 million transactions each day, most of them across borders.

The cooperative’s message traffic allows investigators, for example, to track money from the Saudi bank account of a suspected terrorist to a mosque in New York. Using intelligence tips about specific targets, agents search the database in what one official described as a “24-7” operation. Customers’ names, bank account numbers and other identifying information, can be retrieved, the officials said.

The data does not allow the government to track routine financial activity, like A.T.M. withdrawals, confined to this country, or to see bank balances, Treasury officials said. And the information is not provided in real time – Swift generally turns it over several weeks later. Because of privacy concerns and the potential for abuse, the government sought the data only for terrorism investigations and prohibited its use for tax fraud, drug trafficking or other inquiries, the officials said.

The Treasury Department was charged by President Bush, in a September 2001 executive order, with taking the lead role in efforts to disrupt terrorist financing. Mr. Bush has been briefed on the program and Vice President Dick Cheney has attended C.I.A. demonstrations, the officials said. The National Security Agency has provided some technical assistance.

While the banking program is a closely held secret, administration officials have conducted classified briefings to some members of Congress and the Sept. 11 Commission, the officials said. More lawmakers were briefed in recent weeks, after the administration learned The Times was making inquiries for this article. Swift’s 25-member board of directors, made up of representatives from financial institutions around the world, was previously told of the program, but it is not clear if other participants know that American intelligence officials can examine their message traffic.

Because Swift is based overseas and has offices in the United States, it is governed both by European and American laws. Several international regulations and policies impose privacy restrictions on companies that are generally regarded as more stringent than those in this country. United States law establishes some protections for the privacy of Americans’ financial data, but they are not ironclad. A 1978 measure, the Right to Financial Privacy Act, has a limited scope and a number of exceptions, and its role in national security cases remains largely untested.

Several people familiar with the Swift program said they believed they were exploiting a “gray area” in the law and that a case could be made for restricting the government’s access to the records on Fourth Amendment and statutory grounds. They also worried about the impact on Swift if the program were disclosed.

“There was always concern about this program,” a former official said.

One person involved in the Swift program estimated that analysts have reviewed international transfers involving “many thousands” of people or groups in the United States. Two other officials also placed the figure in the thousands. Mr. Levey said he could not estimate the number.

The Swift data has provided clues to terror money trails and ties between possible terrorists and organizations financing them, the officials said. In some instances, they said, the program has pointed them to new suspects, while in others it has buttressed cases already under investigation.

Among the successes was the capture of a Qaeda operative, Riduan Isamuddin, better known as Hambali, believed to be the mastermind of the 2002 bombing of a Bali resort, several officials said. The Swift data identified a previously unknown figure in Southeast Asia who had financial dealings with a person suspected of being a member of Al Qaeda; that link helped locate Hambali in Thailand in 2003, they said.

In the United States, the program has provided financial data in investigations into possible domestic terrorist cells as well as inquiries of Islamic charities with suspected of having links to extremists, the officials said.

The data also helped identify a Brooklyn man who was convicted on terrorism-related charges last year, the officials said. The man, Uzair Paracha, who worked at a New York import business, aided a Qaeda operative in Pakistan by agreeing to launder $200,000 through a Karachi bank, prosecutors said.

In terrorism prosecutions, intelligence officials have been careful to “sanitize,” or hide the origins of evidence collected through the program to keep it secret, officials said.

The Bush administration has pursued steps that may provide some enhanced legal standing for the Swift program. In late 2004, Congress authorized the Treasury Department to develop regulations requiring American banks to turn over records of international wire transfers. Officials say a preliminary version of those rules may be ready soon. One official described the regulations as an attempt to “formalize” access to the kind of information secretly provided by Swift, though other officials said the initiative was unrelated to the program.

The Scramble for New Tools

Like other counterterrorism measures carried out by the Bush administration, the Swift program began in the hectic days after the Sept. 11 attacks, as officials scrambled to identify new tools to head off further strikes.

One priority was to cut off the flow of money to Al Qaeda. The Sept. 11 hijackers had helped finance their plot by moving money through banks. Nine of the hijackers, for instance, funneled money from Europe and the Middle East to SunTrust bank accounts in Florida. Some of the $130,000 they received was wired by people overseas with known links to Al Qaeda.

Financial company executives, many of whom had lost friends at the World Trade Center, were eager to help federal officials trace terrorist money. “They saw 9/11 not just as an attack on the United States, but on the financial industry as a whole,” said one former government official.

Quietly, counterterrorism officials sought to expand the information they were getting from financial institutions. Treasury officials, for instance, spoke with credit card companies about devising an alert if someone tried to buy fertilizer and timing devices that could be used for a bomb, but they were told the idea was not logistically possible, a lawyer in the discussions said.

The F.B.I. began acquiring financial records from Western Union and its parent company, First Data Corporation. The programs were alluded to in Congressional testimony by the F.B.I. in 2003 and described in more detail in a book released this week, “The One Percent Doctrine,” by Ron Suskind. Using what officials described as individual, narrowly framed subpoenas and warrants, the F.B.I. has obtained records from First Data, which processes credit and debit card transactions, to track financial activity and try to locate suspects.

Similar subpoenas for the Western Union data allowed the F.B.I. to trace wire transfers, mainly outside the United States, and to help Israel trace the financing of about a half-dozen possible terrorist plots there, an official said.

The idea for the Swift program, several officials recalled, grew out of a suggestion by a Wall Street executive, who told a senior Bush administration official about Swift’s database. Few government officials knew much about the consortium, which is led by a Brooklyn native, Leonard H. Schrank, but they quickly discovered it offered unparalleled access to international transactions.

Swift, a former government official said, was “the mother lode, the Rosetta stone” for financial data.

Intelligence officials were so eager to exploit the Swift data that they discussed having the C.I.A. covertly gain access to the system, several officials involved in the talks said. But Treasury officials resisted, the officials said, and favored going to Swift directly.

At the same time, lawyers in the Treasury Department and the Justice Department were considering possible legal obstacles to the arrangement, the officials said.

In 1976, the Supreme Court ruled that Americans had no constitutional right to privacy for their records held by banks or other financial institutions. In response, Congress passed the Right to Financial Privacy Act two years later, restricting government access to Americans’ banking records. In considering the Swift program, some government lawyers were particularly concerned about whether the law prohibited officials from gaining access to records without a warrant or subpoena based on some level of suspicion about each target.

For many years, law enforcement officials have relied on grand-jury subpoenas or court-approved warrants for such financial data. Since the Sept. 11 attacks, the F.B.I. has turned more frequently to an administrative subpoena, known as a national security letter, to demand such records.

After an initial debate, Treasury Department lawyers, consulting with the Justice Department, concluded that the privacy laws applied to banks, not to a banking cooperative like Swift. They also said the law protected individual customers and small companies, not the major institutions that route money through Swift on behalf of their customers.

Other state, federal and international regulations place different and sometimes conflicting restrictions on the government’s access to financial records. Some put greater burdens on the company disclosing the information than on the government officials demanding it.

Among their considerations, American officials saw Swift as a willing partner in the operation. But Swift said its participation was never voluntary. “Swift has made clear that it could provide data only in response to a valid subpoena,” according to its written statement.

Indeed, the cooperative’s executives voiced early concerns about legal and corporate liability, officials said, and the Treasury Department’s Office of Foreign Asset Control began issuing broad subpoenas for the cooperative’s records related to terrorism. One official said the subpoenas were intended to give Swift some legal protection.

Underlying the government’s legal analysis was the International Emergency Economic Powers Act, which Mr. Bush invoked after the Sept. 11 attacks. The law gives the president what legal experts say is broad authority to “investigate, regulate or prohibit” foreign transactions in responding to “an unusual and extraordinary threat.”

But L. Richard Fischer, a Washington lawyer who wrote a book on banking privacy and is regarded as a leading expert in the field, said he was troubled that the Treasury Department would use broad subpoenas to demand large volumes of financial records for analysis. Such a program, he said, appears to do an end run around bank-privacy laws that generally require the government to show that the records of a particular person or group are relevant to an investigation.

“There has to be some due process,” Mr. Fischer said. “At an absolute minimum, it strikes me as inappropriate.”

Several former officials said they had lingering concerns about the legal underpinnings of the Swift operation. The program “arguably complies with the letter of the law, if not the spirit,” one official said.

Another official said: “This was creative stuff. Nothing was clear cut, because we had never gone after information this way before.”

Treasury officials would not say whether a formal legal opinion was prepared in authorizing the program, but they said they considered the government’s authority to subpoena the Swift records to be clear. “People do not have a privacy interest in their international wire transactions,” Mr. Levey, the Treasury under secretary, said.

Tighter Controls Sought

Within weeks of the Sept. 11 attacks, Swift began turning over records that allowed American analysts to look for evidence of terrorist financing. Initially, there appear to have been few formal limits on the searches.

“At first, they got everything – the entire Swift database,” one person close to the operation said.

Intelligence officials paid particular attention to transfers to or from Saudi Arabia and the United Arab Emirates because most of the Sept. 11 hijackers were from those countries.

The volume of data, particularly at the outset, was often overwhelming, officials said. “We were turning on every spigot we could find and seeing what water would come out,” one former administration official said. “Sometimes there were hits, but a lot of times there weren’t.”

Officials realized the potential for abuse, and soon narrowed the program’s targets and put in more safeguards. Among them were the auditing firm, an electronic record of every search and a form documenting the intelligence that justified each data search. Mr. Levey said the program was used only to search the records of individuals or entities, not for broader data searches.

Despite the controls, Swift executives became increasingly worried about their secret involvement with the American government, the officials said. By 2003, the cooperative’s officials were discussing pulling out because of their concerns about legal and financial risks if the program were revealed, one government official said.

“How long can this go on?” a Swift executive asked, according to the official.

Even some American officials began to question the open-ended arrangement. “I thought there was a limited shelf life and that this was going to go away,” the former senior official said.

In 2003, administration officials asked Swift executives and some board members to come to Washington. They met with Mr. Greenspan, Robert S. Mueller III, the F.B.I. director, and Treasury officials, among others, in what one official described as “a full-court press.”

The executives agreed to continue supplying records after the Americans pledged to impose tighter controls. Swift representatives would be stationed alongside intelligence officials and could block any searches considered inappropriate, several officials said. The procedural change provoked some opposition at the C.I.A. because “the agency was chomping at the bit to have unfettered access to the information,” a senior counterterrorism official said. But the Treasury Department saw it as a necessary compromise, the official said, to “save the program.”


Bush Administration Spent $30 Million Last Year On Illegally Obtained Personal Data

June 21, 2006

From the AP, Via Yahoo! News:

Federal and local police across the country — as well as some of the nation's best-known companies — have been gathering Americans' phone records from private data brokers without subpoenas or warrants.

These brokers, many of whom market aggressively across the Internet, have broken into customer accounts online, tricked phone companies into revealing information and sometimes acknowledged that their practices violate laws, according to documents obtained by The Associated Press.

Legal experts and privacy advocates said police reliance on private vendors who commit such acts raises civil liberties questions.

Those using data brokers include agencies of the Homeland Security and Justice departments — including the FBI and U.S. Marshal's Service — and municipal police departments in California, Florida, Georgia and Utah. Experts believe hundreds of other departments frequently use such services.

"We are requesting any and all information you have regarding the above cell phone account and the account holder … including account activity and the account holder's address," Ana Bueno, a police investigator in Redwood City, Calif., wrote in October to PDJ Investigations of Granbury, Texas.

An agent in Denver for U.S. Immigration and Customs Enforcement, Anna Wells, sent a similar request on March 31 on Homeland Security stationery: "I am looking for all available subscriber information for the following phone number," Wells wrote to a corporate alias used by PDJ.

Congressional investigators estimated the U.S. government spent $30 million last year buying personal data from private brokers. But that number likely understates the breadth of transactions, since brokers said they rarely charge law enforcement agencies.

A lawmaker who has investigated the industry said Monday he was concerned about data brokers.

"There's a good chance there are some laws being broken, but it's not really clear precisely which laws, said Rep. Ed Whitfield, R-Ky., head of the House Energy and Commerce investigations subcommittee that plans to begin hearings Wednesday.

Documents gathered by Whitfield's committee show data brokers use trickery, impersonation and even technology to try to gather Americans' phone records. "They can basically obtain any information about anybody on any subject," Whitfield said.

James Bearden, a Texas lawyer who represents four such data brokers, likened the companies' activities to the National Security Agency, which reportedly compiles the phone records of ordinary Americans.

"The government is doing exactly what these people are accused of doing," Bearden said. "These people are being demonized. These are people who are partners with law enforcement on a regular basis."

Many of the executives summoned to testify before Congress this week plan to refuse to answer questions, invoking their Fifth Amendment right against self incrimination.

Larry Slade, PDJ's lawyer, said no one at the company violated laws, but he acknowledged, "I'm not sure that every law enforcement agency in the country would agree with that analysis."

PDJ always provided help to police for free. "Agencies from all across the country took advantage of it," Slade said.

The police agencies told AP they used the data brokers because it was quicker and easier than subpoenas, and their lawyers believe their actions did not violate the Fourth Amendment's guarantee against unlawful search and seizure.

Some agencies, such as Immigrations and Customs Enforcement, instructed agents to stop the practice after congressional inquiries. Police in Orem, Utah, likewise plan to end the practice because of concerns about "questionable methods" used by the data brokers, Lt. Doug Edwards said.

The records also list some of America's most famous corporate names — from automakers to insurers to banks — as purchasing information on private citizens from data brokers, which often help companies track down delinquent customers.

For instance, a 2003 customer list for data broker Universal Communications Company listed Ford Motor Credit Co., the automaker's lending arm, as the single largest purchaser of phone toll records, paying $17,435 to buy such data that year. In all, Ford's lending arm spent more than $50,000 with that data broker that year. Ford also paid $9,000 to another such company, Global Information Group, in 2004, the records state.

Also on UCC's or Global Information's paying client list was the insurer State Farm's banking arm, Chrysler's consumer lending arm, Enterprise Rent-A-Car and banking giants Wells Fargo and Wachovia Financial Services.

At least 50 departments of Wachovia made data requests in 2004, accumulating thousands of dollars in charges. Most of the companies could not provide an immediate explanation when called for comment Tuesday.

Ford Motor Credit spokeswoman Meredith Libby said Tuesday her company used the vendors in the past to help locate customers who weren't paying and had disappeared but the companies "are no longer on our approved vendor lists."

Asked why Ford would need phone toll records, Libby said her company "did not necessarily say (to the vendor), `Give us this specific piece of data, but rather help us to find this person,'" and the charges for phone records were part of the process.

None of the police agencies interviewed by AP said they researched their data brokers to determine how they gather sensitive information like names associated with unlisted numbers, records of phone calls, e-mail aliases — even tracing a person's location using their cellular phone signal.

"If it's on the Internet and it's been commended to us, we wouldn't do a full-scale investigation," Marshal's Service spokesman David Turner said. "We don't knowingly go into any source that would be illegal. We were not aware, I'm fairly certain, what technique was used by these subscriber services."

At Immigration and Customs Enforcement, spokesman Dean Boyd said agents did not pay for phone records and sought approval from U.S. prosecutors before making requests. Their goal was "to more quickly identify and filter out phone numbers that were unrelated to their investigations," Boyd said.

Targets of the police interest include alleged marijuana smugglers, car thieves, armed thugs and others.

The data services also are enormously popular among collection agencies, bails bondsmen, private detectives and suspicious spouses. Customers included:

– A U.S. Labor Department employee who used her government e-mail address and phone number to buy two months of personal cellular phone records of a woman in New Jersey.

– A buyer who received credit card information about the father of murder victim Jon Benet Ramsey.

– A buyer who obtained 20 printed pages of phone calls by pro basketball player Damon Jones of the Cleveland Cavaliers.

"I'm very disappointed," Jones told AP on Tuesday. "I paid for a service and that service is being violated. I've been an upstanding guy, never been in any trouble or anything like that. I was shocked, and I really want to get to the bottom of this."

Privacy advocates bristled over data brokers gathering records for police without subpoenas.

"This is pernicious, an end run around the Fourth Amendment," said Marc Rotenberg, head of the Washington-based Electronic Privacy Information Center which advocates tougher federal regulation of data brokers. "The government is encouraging unlawful conduct; it's not smart on the law enforcement side to be making use of information obtained improperly."

Legal experts said law enforcement agencies would be permitted to use illegally obtained information from private parties without violating the Fourth Amendment as long as police did not encourage crimes to be committed.

"If law enforcement is encouraging people in the private sector to commit a crime in getting these records, that would be problematic," said Mark Levin, a former top Justice Department official under President Reagan. "If, on the other hand, they are asking data brokers if they have any public information on any given phone numbers, that should be fine."

Levin said he nonetheless would have advised federal agents to use the practice only when it was a matter of urgency or national security and otherwise to stick to a legally bulletproof method like subpoenas for everyday cases.

Congress subpoenaed thousands of documents from data brokers describing how they collected telephone records by impersonating customers.

"I was shot down four times," data broker employee Michele Yontef complained in an e-mail in July 2005 to a colleague. Yontef was among those ordered to appear at this week's hearing.

Another company years ago even acknowledged breaking the law.

"We must break various rules of law in acquiring all the information we achieve for you," Touch Tone Information Inc. of Denver wrote to a law firm in 1998 that was seeking records of calls made on a calling card.


AT&T Whistle-Blower’s Evidence

May 19, 2006

From Wired News:

Former AT&T technician Mark Klein is the key witness in the Electronic Frontier Foundation's class-action lawsuit against the company, which alleges that AT&T illegally cooperated in an illegal National Security Agency domestic-surveillance program.

In this recently surfaced statement, Klein details his discovery of an alleged surveillance operation in an AT&T office in San Francisco, and offers his interpretation of company documents that he believes support his case.
For its part, AT&T is asking a federal judge to keep those documents out of court, and to order the EFF to return them to the company. Here Wired News presents Klein's statement in its entirety, along with select pages from the AT&T documents.

AT&T's Implementation of NSA Spying on American Citizens

31 December 2005

I wrote the following document in 2004 when it became clear to me that AT&T, at the behest of the National Security Agency, had illegally installed secret computer gear designed to spy on internet traffic. At the time I thought this was an outgrowth of the notorious Total Information Awareness program which was attacked by defenders of civil liberties. But now it's been revealed by The New York Times that the spying program is vastly bigger and was directly authorized by President Bush, as he himself has now admitted, in flagrant violation of specific statutes and constitutional protections for civil liberties. I am presenting this information to facilitate the dismantling of this dangerous Orwellian project.
AT&T Deploys Government Spy Gear on WorldNet Network

— 16 January, 2004

In 2003 AT&T built "secret rooms" hidden deep in the bowels of its central offices in various cities, housing computer gear for a government spy operation which taps into the company's popular WorldNet service and the entire internet. These installations enable the government to look at every individual message on the internet and analyze exactly what people are doing. Documents showing the hardwire installation in San Francisco suggest that there are similar locations being installed in numerous other cities.

The physical arrangement, the timing of its construction, the government-imposed secrecy surrounding it, and other factors all strongly suggest that its origins are rooted in the Defense Department's Total Information Awareness (TIA) program which brought forth vigorous protests from defenders of constitutionally protected civil liberties last year:

"As the director of the effort, Vice Adm. John M. Poindexter, has described the system in Pentagon documents and in speeches, it will provide intelligence analysts and law enforcement officials with instant access to information from internet mail and calling records to credit card and banking transactions and travel documents, without a search warrant." The New York Times, 9 November 2002

To mollify critics, the Defense Advanced Research Projects Agency (Darpa) spokesmen have repeatedly asserted that they are only conducting "research" using "artificial synthetic data" or information from "normal DOD intelligence channels" and hence there are "no U.S. citizen privacy implications" (Department of Defense, Office of the Inspector General report on TIA, December 12, 2003). They also changed the name of the program to "Terrorism Information Awareness" to make it more politically palatable. But feeling the heat, Congress made a big show of allegedly cutting off funding for TIA in late 2003, and the political fallout resulted in Adm. Poindexter's abrupt resignation last August. However, the fine print reveals that Congress eliminated funding only for "the majority of the TIA components," allowing several "components" to continue (DOD, ibid). The essential hardware elements of a TIA-type spy program are being surreptitiously slipped into "real world" telecommunications offices.

In San Francisco the "secret room" is Room 641A at 611 Folsom Street, the site of a large SBC phone building, three floors of which are occupied by AT&T. High-speed fiber-optic circuits come in on the 8th floor and run down to the 7th floor where they connect to routers for AT&T's WorldNet service, part of the latter's vital "Common Backbone." In order to snoop on these circuits, a special cabinet was installed and cabled to the "secret room" on the 6th floor to monitor the information going through the circuits. (The location code of the cabinet is 070177.04, which denotes the 7th floor, aisle 177 and bay 04.) The "secret room" itself is roughly 24-by-48 feet, containing perhaps a dozen cabinets including such equipment as Sun servers and two Juniper routers, plus an industrial-size air conditioner.

The normal work force of unionized technicians in the office are forbidden to enter the "secret room," which has a special combination lock on the main door. The telltale sign of an illicit government spy operation is the fact that only people with security clearance from the National Security Agency can enter this room. In practice this has meant that only one management-level technician works in there. Ironically, the one who set up the room was laid off in late 2003 in one of the company's endless "downsizings," but he was quickly replaced by another.

Plans for the "secret room" were fully drawn up by December 2002, curiously only four months after Darpa started awarding contracts for TIA. One 60-page document, identified as coming from "AT&T Labs Connectivity & Net Services" and authored by the labs' consultant Mathew F. Casamassima, is titled Study Group 3, LGX/Splitter Wiring, San Francisco and dated 12/10/02. (See sample PDF 1-4.) This document addresses the special problem of trying to spy on fiber-optic circuits. Unlike copper wire circuits which emit electromagnetic fields that can be tapped into without disturbing the circuits, fiber-optic circuits do not "leak" their light signals. In order to monitor such communications, one has to physically cut into the fiber somehow and divert a portion of the light signal to see the information.

This problem is solved with "splitters" which literally split off a percentage of the light signal so it can be examined. This is the purpose of the special cabinet referred to above: Circuits are connected into it, the light signal is split into two signals, one of which is diverted to the "secret room." The cabinet is totally unnecessary for the circuit to perform — in fact it introduces problems since the signal level is reduced by the splitter — its only purpose is to enable a third party to examine the data flowing between sender and recipient on the internet.

The above-referenced document includes a diagram (PDF 3) showing the splitting of the light signal, a portion of which is diverted to "SG3 Secure Room," i.e., the so-called "Study Group" spy room. Another page headlined "Cabinet Naming" (PDF 2) lists not only the "splitter" cabinet but also the equipment installed in the "SG3" room, including various Sun devices, and Juniper M40e and M160 "backbone" routers. PDF file 4 shows one of many tables detailing the connections between the "splitter" cabinet on the 7th floor (location 070177.04) and a cabinet in the "secret room" on the 6th floor (location 060903.01). Since the San Francisco "secret room" is numbered 3, the implication is that there are at least several more in other cities (Seattle, San Jose, Los Angeles and San Diego are some of the rumored locations), which likely are spread across the United States.

One of the devices in the "Cabinet Naming" list is particularly revealing as to the purpose of the "secret room": a Narus STA 6400. Narus is a 7-year-old company which, because of its particular niche, appeals not only to businessmen (it is backed by AT&T, JP Morgan and Intel, among others) but also to police, military and intelligence officials. Last November 13-14, for instance, Narus was the "Lead Sponsor" for a technical conference held in McLean, Virginia, titled "Intelligence Support Systems for Lawful Interception and Internet Surveillance." Police officials, FBI and DEA agents, and major telecommunications companies eager to cash in on the "war on terror" had gathered in the hometown of the CIA to discuss their special problems. Among the attendees were AT&T, BellSouth, MCI, Sprint and Verizon. Narus founder, Dr. Ori Cohen, gave a keynote speech. So what does the Narus STA 6400 do?

"The (Narus) STA Platform consists of stand-alone traffic analyzers that collect network and customer usage information in real time directly from the message…. These analyzers sit on the message pipe into the ISP (internet service provider) cloud rather than tap into each router or ISP device" (Telecommunications magazine, April 2000). A Narus press release (1 Dec., 1999) also boasts that its Semantic Traffic Analysis (STA) technology "captures comprehensive customer usage data … and transforms it into actionable information…. (It) is the only technology that provides complete visibility for all internet applications."

To implement this scheme, WorldNet's high-speed data circuits already in service had to be rerouted to go through the special "splitter" cabinet. This was addressed in another document of 44 pages from AT&T Labs, titled "SIMS, Splitter Cut-In and Test Procedure," dated 01/13/03 (PDF 5-6). "SIMS" is an unexplained reference to the secret room. Part of this reads as follows:

"A WMS (work) Ticket will be issued by the AT&T Bridgeton Network Operation Center (NOC) to charge time for performing the work described in this procedure document….
"This procedure covers the steps required to insert optical splitters into select live Common Backbone (CBB) OC3, OC12 and OC48 optical circuits."

The NOC referred to is in Bridgeton, Missouri, and controls WorldNet operations. (As a sign that government spying goes hand-in-hand with union-busting, the entire (Communication Workers of America) Local 6377 which had jurisdiction over the Bridgeton NOC was wiped out in early 2002 when AT&T fired the union work force and later rehired them as nonunion "management" employees.) The cut-in work was performed in 2003, and since then new circuits are connected through the "splitter" cabinet.

Another "Cut-In and Test Procedure" document dated January 24, 2003, provides diagrams of how AT&T Core Network circuits were to be run through the "splitter" cabinet (PDF 7). One page lists the circuit IDs of key Peering Links which were "cut-in" in February 2003 (PDF 8), including ConXion, Verio, XO, Genuity, Qwest, PAIX, Allegiance, AboveNet, Global Crossing, C&W, UUNET, Level 3, Sprint, Telia, PSINet and Mae West. By the way, Mae West is one of two key internet nodal points in the United States (the other, Mae East, is in Vienna, Virginia). It's not just WorldNet customers who are being spied on — it's the entire internet.

The next logical question is, what central command is collecting the data sent by the various "secret rooms"? One can only make educated guesses, but perhaps the answer was inadvertently given in the DOD Inspector General's report (cited above):

"For testing TIA capabilities, Darpa and the U.S. Army Intelligence and Security Command (INSCOM) created an operational research and development environment that uses real-time feedback. The main node of TIA is located at INSCOM (in Fort Belvoir, Virginia)…."

Among the agencies participating or planning to participate in the INSCOM "testing" are the "National Security Agency, the Defense Intelligence Agency, the Central Intelligence Agency, the DOD Counterintelligence Field Activity, the U.S. Strategic Command, the Special Operations Command, the Joint Forces Command and the Joint Warfare Analysis Center." There are also "discussions" going on to bring in "non-DOD federal agencies" such as the FBI.

This is the infrastructure for an Orwellian police state. It must be shut down!


Feds Tracking ABC Reporters Phone Calls

May 16, 2006

From The Blotter at ABC News:

A senior federal law enforcement official tells ABC News the government is tracking the phone numbers we (Brian Ross and Richard Esposito) call in an effort to root out confidential sources.

"It's time for you to get some new cell phones, quick," the source told us in an in-person conversation.

ABC News does not know how the government determined who we are calling, or whether our phone records were provided to the government as part of the recently-disclosed NSA collection of domestic phone calls.

Other sources have told us that phone calls and contacts by reporters for ABC News, along with the New York Times and the Washington Post, are being examined as part of a widespread CIA leak investigation.

One former official was asked to sign a document stating he was not a confidential source for New York Times reporter James Risen.

Our reports on the CIA's secret prisons in Romania and Poland were known to have upset CIA officials. The CIA asked for an FBI investigation of leaks of classified information following those reports.

People questioned by the FBI about leaks of intelligence information say the CIA was also disturbed by ABC News reports that revealed the use of CIA predator missiles inside Pakistan.

Under Bush Administration guidelines, it is not considered illegal for the government to keep track of numbers dialed by phone customers.

The official who warned ABC News said there was no indication our phones were being tapped so the content of the conversation could be recorded.

A pattern of phone calls from a reporter, however, could provide valuable clues for leak investigators.


Government Moves To Squash EFF Lawsuit Against AT&T

May 15, 2006

From The EFF:

Government Moves to Intervene in AT&T Surveillance Case

DOJ Will Assert Military and State Secrets Privilege and Request Dismissal of Lawsuit

San Francisco – The United States government filed a "Statement of Interest" Friday in the Electronic Frontier Foundation's (EFF's) class-action lawsuit against AT&T, announcing that the government would "assert the military and state secrets privilege" and "intervene to seek dismissal" of the case.

EFF's lawsuit accuses AT&T of collaborating with the National Security Agency in its massive surveillance program. EFF's evidence regarding AT&T's dragnet surveillance of its networks, currently filed under seal, includes a declaration by Mark Klein, a retired AT&T telecommunications technician, and several internal AT&T documents. This evidence was bolstered and explained by the expert opinion of J. Scott Marcus, who served as Senior Advisor for Internet Technology to the Federal Communications Commission from July 2001 until July 2005

Much of the evidence in the case is currently under seal, as AT&T claims public release of the documents would expose trade secrets. A hearing on the issue is scheduled for May 17th.

For the full Statement of Interest:
http://www.eff.org/legal/cases/att/USA_statement_of_interest.pdf

For more on EFF's suit:
http://www.eff.org/legal/cases/att/

Contact:

Rebecca Jeschke
Media Coordinator
Electronic Frontier Foundation
press@eff.org


NSA Whistleblower To Testify Before Senate

May 14, 2006

NSA Whistleblower To Expose More Unlawful Activity: ‘People…Are Going To Be Shocked’

CongressDaily reports that former NSA staffer Russell Tice will testify to the Senate Armed Services Committee next week that not only do employees at the agency believe the activities they are being asked to perform are unlawful, but that what has been disclosed so far is only the tip of the iceberg. Tice will tell Congress that former NSA head Gen. Michael Hayden, Bush’s nominee to be the next CIA director, oversaw more illegal activity that has yet to be disclosed:

A former intelligence officer for the National Security Agency said Thursday he plans to tell Senate staffers next week that unlawful activity occurred at the agency under the supervision of Gen. Michael Hayden beyond what has been publicly reported, while hinting that it might have involved the illegal use of space-based satellites and systems to spy on U.S. citizens. …

[Tice] said he plans to tell the committee staffers the NSA conducted illegal and unconstitutional surveillance of U.S. citizens while he was there with the knowledge of Hayden. … “I think the people I talk to next week are going to be shocked when I tell them what I have to tell them. It’s pretty hard to believe,” Tice said. “I hope that they’ll clean up the abuses and have some oversight into these programs, which doesn’t exist right now.” …

Tice said his information is different from the Terrorist Surveillance Program that Bush acknowledged in December and from news accounts this week that the NSA has been secretly collecting phone call records of millions of Americans. “It’s an angle that you haven’t heard about yet,” he said. … He would not discuss with a reporter the details of his allegations, saying doing so would compromise classified information and put him at risk of going to jail. He said he “will not confirm or deny” if his allegations involve the illegal use of space systems and satellites.

Tice has a history for blowing the whistle on serious misconduct. He was one of the sources that revealed the administration’s warrantless domestic spying program to the New York Times.


Telecom Giants Face Billions In Suits

May 14, 2006

From The NY Times:

The former chief executive of Qwest, the nation's fourth-largest phone company, rebuffed government requests for the company's calling records after 9/11 because of "a disinclination on the part of the authorities to use any legal process," his lawyer said yesterday.

The statement on behalf of the former Qwest executive, Joseph P. Nacchio, followed a report that the other big phone companies — AT&T, BellSouth and Verizon — had complied with an effort by the National Security Agency to build a vast database of calling records, without warrants, to increase its surveillance capabilities after the Sept. 11 attacks.

Those companies insisted yesterday that they were vigilant about their customers' privacy, but did not directly address their cooperation with the government effort, which was reported on Thursday by USA Today. Verizon said that it provided customer information to a government agency "only where authorized by law for appropriately defined and focused purposes," but that it could not comment on any relationship with a national security program that was "highly classified."

Legal experts said the companies faced the prospect of lawsuits seeking billions of dollars in damages over cooperation in the program, citing communications privacy legislation stretching back to the 1930's. A federal lawsuit was filed in Manhattan yesterday seeking as much as $50 billion in civil damages against Verizon on behalf of its subscribers.

For a second day, there was political fallout on Capitol Hill, where Senate Democrats intend to use next week's confirmation hearings for a new C.I.A. director to press the Bush administration on its broad surveillance programs.

As senior lawmakers in Washington vowed to examine the phone database operation and possibly issue subpoenas to the telephone companies, executives at some of the companies said they would comply with requests to appear on Capitol Hill but stopped short of describing how much would be disclosed, at least in public sessions.

"If Congress asks us to appear, we will appear," said Selim Bingol, a spokesman at AT&T. "We will act within the laws and rules that apply."

Qwest was apparently alone among the four major telephone companies to have resisted the requests to cooperate with the government effort. A statement issued on behalf of Mr. Nacchio yesterday by his lawyer, Herbert J. Stern, said that after the government's first approach in the fall of 2001, "Mr. Nacchio made inquiry as to whether a warrant or other legal process had been secured in support of that request."

"When he learned that no such authority had been granted, and that there was a disinclination on the part of the authorities to use any legal process," Mr. Nacchio concluded that the requests violated federal privacy requirements "and issued instructions to refuse to comply."

The statement said the requests continued until Mr. Nacchio left in June 2002. His departure came amid accusations of fraud at the company, and he now faces federal charges of insider trading.

The database reportedly assembled by the security agency from calling records has dozens of fields of information, including called and calling numbers and the duration of calls, but nothing related to the substance of the calls. But it could permit what intelligence analysts and commercial data miners refer to as "link analysis," a statistical technique for investigators to identify calling patterns in a seemingly impenetrable mountain of digital data.

The law governing the release of phone company data has been modified repeatedly to grapple with changing computer and communications technologies that have increasingly bedeviled law enforcement agencies. The laws include the Communications Act, first passed in 1934, and a variety of provisions of the Electronic Communications and Privacy Act, including the Stored Communications Act, passed in 1986.

Wiretapping — actually listening to phone calls — has been tightly regulated by these laws. But in general, the laws have set a lower legal standard required by the government to obtain what has traditionally been called pen register or trap-and-trace information — calling records obtained when intelligence and police agencies attached a specialized device to subscribers' telephone lines.

Those restrictions still hold, said a range of legal scholars, in the face of new computer databases with decades' worth of calling records. AT&T created such technology during the 1990's for use in fraud detection and has previously made such information available to law enforcement with proper warrants.

Orin Kerr, a former federal prosecutor and assistant professor at George Washington University, said his reading of the relevant statutes put the phone companies at risk for at least $1,000 per person whose records they disclosed without a court order.

"This is not a happy day for the general counsels" of the phone companies, he said. "If you have a class action involving 10 million Americans, that's 10 million times $1,000 — that's 10 billion."

The New Jersey lawyers who filed the federal suit against Verizon in Manhattan yesterday, Bruce Afran and Carl Mayer, said they would consider filing suits against BellSouth and AT&T in other jurisdictions.

"This is almost certainly the largest single intrusion into American civil liberties ever committed by any U.S. administration," Mr. Afran said. "Americans expect their phone records to be private. That's our bedrock governing principle of our phone system." In addition to damages, the suit seeks an injunction against the security agency to stop the collection of phone numbers.

Several legal experts cited ambiguities in the laws that may be used by the government and the phone companies to defend the National Security Agency program.

"There's a loophole," said Mark Rasch, the former head of computer-crime investigations for the Justice Department and now the senior vice president of Solutionary, a computer security company. "Records of phones that have called each other without identifying information are not covered by any of these laws."

Civil liberties lawyers were quick to dispute that claim.

"This is an incredible red herring," said Kevin Bankston, a lawyer for the Electronic Frontier Foundation, a privacy rights group that has sued AT&T over its cooperation with the government, including access to calling records. "There is no legal process that contemplates getting entire databases of data."

The group sued AT&T in late January, contending that the company was violating the law by giving the government access to its customer call record data and permitting the agency to tap its Internet network. The suit followed reports in The New York Times in December that telecommunications companies had cooperated with such government requests without warrants.

A number of industry executives pointed to the national climate in the wake of the Sept. 11 attacks to explain why phone companies might have risked legal entanglement in cooperating with the requests for data without warrants.

An AT&T spokesman said yesterday that the company had gotten some calls and e-mail messages about the news reports, but characterized the volume as "not heavy" and said there were responses on both sides of the issue.

Reaction around the country also appeared to be divided.

Cathy Reed, 45, a wealth manager from Austin, Tex., who was visiting Boston, said she did not see a problem with the government's reviewing call logs. "I really don't think it matters," she said. "I bet every credit card company already has them."

Others responded critically. Pat Randall, 63, a receptionist at an Atlanta high-rise, said, "Our phone conversations are just personal, and to me, the phone companies that cooperated, I think we should move our phone services to the company that did not cooperate."

While the telephone companies have both business contracts and regulatory issues before the federal government, executives in the industry yesterday dismissed the notion that they felt pressure to take part in any surveillance programs. The small group of executives with the security clearance necessary to deal with the government on such matters, they said, are separate from the regulatory and government contracting divisions of the companies.